From: Jonathan M. Wilbur
Date: Mon, 17 Jun 2024 18:22:08 +0000 (+0000)
Subject: feat: add acceptablePrivilegePolicies and acceptableCertPolicies exts
X-Git-Tag: openssl-3.4.0-alpha1~445
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2b735fe2195938ea6cafbef37c8bcf8a33b04c4b;p=thirdparty%2Fopenssl.git
feat: add acceptablePrivilegePolicies and acceptableCertPolicies exts
Reviewed-by: Neil Horman
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/24663)
---
diff --git a/crypto/x509/ext_dat.h b/crypto/x509/ext_dat.h
index f3ad5afbf05..3c59f32baab 100644
--- a/crypto/x509/ext_dat.h
+++ b/crypto/x509/ext_dat.h
@@ -36,3 +36,5 @@ extern const X509V3_EXT_METHOD ossl_v3_holder_name_constraints;
 extern const X509V3_EXT_METHOD ossl_v3_delegated_name_constraints;
 extern const X509V3_EXT_METHOD ossl_v3_subj_dir_attrs;
 extern const X509V3_EXT_METHOD ossl_v3_associated_info;
+extern const X509V3_EXT_METHOD ossl_v3_acc_cert_policies;
+extern const X509V3_EXT_METHOD ossl_v3_acc_priv_policies;
diff --git a/crypto/x509/standard_exts.h b/crypto/x509/standard_exts.h
index 655dd21e1e7..879226eabeb 100644
--- a/crypto/x509/standard_exts.h
+++ b/crypto/x509/standard_exts.h
@@ -77,6 +77,8 @@ static const X509V3_EXT_METHOD *standard_exts[] = {
 &ossl_v3_ext_admission,
 &ossl_v3_delegated_name_constraints,
 &ossl_v3_soa_identifier,
+ &ossl_v3_acc_cert_policies,
+ &ossl_v3_acc_priv_policies,
 &ossl_v3_indirect_issuer,
 &ossl_v3_no_assertion,
 &ossl_v3_single_use,
diff --git a/crypto/x509/v3_extku.c b/crypto/x509/v3_extku.c
index 22c951e251c..6053d5e2cb9 100644
--- a/crypto/x509/v3_extku.c
+++ b/crypto/x509/v3_extku.c
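Review bot: In the crypto/x509/standard_exts.h hunk, the position of `&ossl_v3_acc_cert_policies` and `&ossl_v3_acc_priv_policies` between `&ossl_v3_soa_identifier` and `&ossl_v3_indirect_issuer` cannot be checked from the diff, because `standard_exts[]` is looked up by binary search on the extension NID (`X509V3_EXT_get_nid()`) and the NID values are not shown here. A row out of ascending NID order does not fail loudly: the handler is simply not found and the extension is handled as unknown, and neighbouring rows can become unreachable as well. Please confirm that `NID_acceptable_cert_policies` and `NID_acceptable_privilege_policies` sort between the NIDs of those two neighbours, ideally by running the tree's table-order self-test with the new rows in place. The array initializer starts and ends outside the hunk.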
@@ -44,6 +44,30 @@ const X509V3_EXT_METHOD ossl_v3_ocsp_accresp = {
 NULL
 };
 
+/* Acceptable Certificate Policies also is a SEQUENCE OF OBJECT */
+const X509V3_EXT_METHOD ossl_v3_acc_cert_policies = {
+ NID_acceptable_cert_policies, 0,
+ ASN1_ITEM_ref(EXTENDED_KEY_USAGE),
+ 0, 0, 0, 0,
+ 0, 0,
+ i2v_EXTENDED_KEY_USAGE,
+ v2i_EXTENDED_KEY_USAGE,
+ 0, 0,
+ NULL
+};
+
+/* Acceptable Privilege Policies also is a SEQUENCE OF OBJECT */
+const X509V3_EXT_METHOD ossl_v3_acc_priv_policies = {
+ NID_acceptable_privilege_policies, 0,
+ ASN1_ITEM_ref(EXTENDED_KEY_USAGE),
+ 0, 0, 0, 0,
+ 0, 0,
+ i2v_EXTENDED_KEY_USAGE,
+ v2i_EXTENDED_KEY_USAGE,
+ 0, 0,
+ NULL
+};
+
 ASN1_ITEM_TEMPLATE(EXTENDED_KEY_USAGE) =
 ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, EXTENDED_KEY_USAGE, ASN1_OBJECT)
 ASN1_ITEM_TEMPLATE_END(EXTENDED_KEY_USAGE)
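Review bot: The comments on `ossl_v3_acc_cert_policies` and `ossl_v3_acc_priv_policies` do not say what the shared `EXTENDED_KEY_USAGE` item leaves unchecked: the template at the end of the hunk is a plain `ASN1_TFLG_SEQUENCE_OF` of `ASN1_OBJECT`, so an empty list decodes successfully, whereas the X.509 syntaxes for both extensions are, to my reading, bounded with SIZE (1..MAX). The two entries also wire up only the ASN.1 item and the `i2v`/`v2i` callbacks, so as far as this hunk shows the listed policy OIDs are parsed and printed but nothing here evaluates them; a caller making an authorization decision from these extensions has to do that itself. I would put that in the comment, for example `/* acceptableCertPolicies: SEQUENCE OF OBJECT IDENTIFIER, shares the EKU item; decode/print only, an empty list is not rejected here */`, and the same wording for the privilege-policies entry. The leading context lines are the tail of `ossl_v3_ocsp_accresp`, which starts outside the hunk.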